Please check - system startup takes too long [Solved]

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Please check - system startup takes too long

Post by mike007 » 25 Aug 2014 16:07

Hi, I'd really appreciate a check. For the last week, maybe two weeks, I've been seeing the desktop take a long time to load when the PC starts. It used to take a second for the desktop icons to appear and Sticky Notes to start. Now it easily takes two minutes. During this period I didn't install any programs; only Windows and Flash Player updates ran. I also noticed that the font in Sticky Notes sometimes changes by itself. After a restart it's fine again. Maybe it's somehow related. Thanks

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:53:17, on 25.8.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.17054)

FIREFOX: 31.0 (x86 cs)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Users\mike\AppData\Local\Seznam.cz\bin\postak.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Razer\razerhid.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Razer\razerofa.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
C:\Users\mike\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.foxconn.cz/owa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Diamondback] C:\Program Files (x86)\Razer\Diamondback\Razer\Diamondback\razerhid.exe
O4 - HKLM\..\Run: [razer] C:\Program Files (x86)\Razer\razerhid.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAE.EXE /FU "C:\Users\mike\AppData\Local\Temp\E_SDC5B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Seznam Postak] "C:\Users\mike\AppData\Local\Seznam.cz\bin\postak.exe" -s
O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Zoner Photo Studio Service 16] "C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXEC:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')
O8 - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: Nová poznámka - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\nlssrv32.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10424 bytes
The best game is Excel!
PC-help forum rules | How to mark a topic as solved
»»»»»»»»»»»»»»»»»»»»»»»
NOTICE - my Skype, private messages and email are not for tech support.
Post your questions in the forum. That's what it's for.

Re: Please check - system startup takes too long

Post by jaro3 » 25 Aug 2014 17:44

Hi!

Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

- If you use only Google Chrome, you don't need to use ATF.


Download TFC
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it doesn't, restart it yourself.

Download AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Prohledat-Scan"
After the scan a log will appear (it is also saved on the system disk as AdwCleaner[R?].txt); paste its entire contents here.

Download Malwarebytes' Anti-Malware
- During installation, uncheck "Enable free trial of Malwarebytes' Anti-Malware Premium"
Install it and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; click Scan Now and
- after the program finishes, a message will appear at the bottom right; click Copy to Clipboard and paste the entire log here.

- then click the Exit button; a prompt will appear, choose Yes
(don't delete anything yet!).

If there are problems, run it in safe mode.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum

Re: Please check - system startup takes too long

Post by mike007 » 25 Aug 2014 22:52

For now I'm posting the log from AdwCleaner. MBAM has been running for four hours and doesn't seem to want to finish, but I want to sleep, so I'm shutting it down and will try running it again tomorrow. Thanks for now.

# AdwCleaner v3.308 - Report created 25/08/2014 at 18:04:43
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : mike - MIKE-PC
# Running from : C:\Users\mike\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Program Files (x86)\driver-soft
Folder Found : C:\ProgramData\Alawar Stargaze
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Users\All Users\Alawar Stargaze
Folder Found : C:\Users\All Users\apn
Folder Found : C:\Users\All Users\Ask
Folder Found : C:\Users\All Users\Trymedia
Folder Found : C:\Users\mike\AppData\Local\eSupport.com
Folder Found : C:\Users\mike\AppData\Local\GamePlayLabs Plugin
Folder Found : C:\Users\mike\AppData\LocalLow\FunWebProducts
Folder Found : C:\Users\mike\AppData\LocalLow\MyWebSearch
Folder Found : C:\Users\mike\AppData\Roaming\OpenCandy
Folder Found : C:\Users\mike\AppData\Roaming\pdfforge

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\GamePlayLabs
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Myfree Codec
Key Found : HKCU\Software\ParetoLogic
Key Found : HKCU\Software\PIP
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\GamePlayLabs
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : [x64] HKCU\Software\Myfree Codec
Key Found : [x64] HKCU\Software\ParetoLogic
Key Found : [x64] HKCU\Software\PIP
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\{65C994A2-C65A-4A20-BA92-AADAFC0DCE49}
Key Found : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ocphobfcfafpclibolpjdafgaffkaoci
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askchecker_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Found : HKLM\SOFTWARE\Myfree Codec
Key Found : HKLM\SOFTWARE\PIP
Key Found : HKLM\SOFTWARE\Trymedia Systems
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17054


-\\ Mozilla Firefox v31.0 (x86 cs)

[ File : C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\5o2t2qnv.mike007\prefs.js ]

Line Found : user_pref("extensions.DivXWebPlayer@divx.com.install-event-fired", true);
Line Found : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,ShortenURL%40loucypher:0.3.8,%7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.1.0,youtubemp3podcaster%40jeremy.d.gregorio.com:3.3.[...]
Line Found : user_pref("extensions.enabledItems", "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6,{0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5,cs@dictionaries.addons.mozilla.org:1.0.2,{D4DD63FA-01E4-46a7-B6B1-EDAB7D[...]
Line Found : user_pref("extensions.likethepage.addit.remoteInstallItems", "{ \"software\": {\"11\": {\"id\": \"11\",\"title\": \"KwiClick\",\"type\": \"XPI\",\"url\": \"hxxps://addons.mozilla.org/en-US/firefox/dow[...]
Line Found : user_pref("extensions.plugin2@gameplaylabs.com.fr", "1301330497");
Line Found : user_pref("extensions.plugin2@gameplaylabs.com.install-event-fired", true);
Line Found : user_pref("extensions.plugin2@gameplaylabs.com.ranonce", true);
Line Found : user_pref("extensions.plugin2@gameplaylabs.com.rule_/", "1301330500");
Line Found : user_pref("extensions.plugin2@gameplaylabs.com.rule_dealsplugin.com/", "1301330500");
Line Found : user_pref("extensions.plugin2@gameplaylabs.com.rule_facebook.com", "1301330500");
Line Found : user_pref("extensions.plugin2@gameplaylabs.com.rule_h", "1301330500");
Line Found : user_pref("extensions.plugin2@gameplaylabs.com.rule_hxxp", "1301330500");
Line Found : user_pref("extensions.plugin2@gameplaylabs.com.rule_iqquizgame.com/", "1301330500");
Line Found : user_pref("extensions.plugin2@gameplaylabs.com.rule_play-ga.me/", "1301330500");
Line Found : user_pref("extensions.plugin2@gameplaylabs.com.rule_revealmycrush.com/", "1301330500");
Line Found : user_pref("extensions.plugin2@gameplaylabs.com.rule_unlock-this.com/browserplugin", "1301330500");
Line Found : user_pref("extensions.plugin2@gameplaylabs.com.rule_unlock-this.com/plugin", "1301330500");
Line Found : user_pref("greasemonkey.scriptvals.hxxp://www.danvsdan.com/bryar.cgi/id_te ... p/Textarea Backup.hxxp://bastleni.eu/administrator/index. ... k=edit&cid[]=[...]
Line Found : user_pref("greasemonkey.scriptvals.hxxp://www.danvsdan.com/bryar.cgi/id_te ... p/Textarea Backup.hxxp://bastleni.eu/administrator/index. ... k=edit&cid[]=[...]
Line Found : user_pref("greasemonkey.scriptvals.hxxp://www.danvsdan.com/bryar.cgi/id_te ... p/Textarea Backup.hxxp://cs.wikibooks.org/w/index.php?tit ... n=edit&sec[...]
Line Found : user_pref("greasemonkey.scriptvals.hxxp://www.danvsdan.com/bryar.cgi/id_te ... p/Textarea Backup.hxxp://email.seznam.cz/newMessageScreen ... messagePos[...]
Line Found : user_pref("greasemonkey.scriptvals.hxxp://www.danvsdan.com/bryar.cgi/id_te ... p/Textarea Backup.hxxp://hijackthis.de/cz;logfile", "Logfile%20of%20Trend%20Micro%20HijackThis%20v2.0.4%0ASca[...]
Line Found : user_pref("greasemonkey.scriptvals.hxxp://www.danvsdan.com/bryar.cgi/id_te ... p/Textarea Backup.hxxp://www.geocaching.com/seek/log.aspx ... 1_uxLogInf[...]
Line Found : user_pref("greasemonkey.scriptvals.hxxp://www.danvsdan.com/bryar.cgi/id_te ... p/Textarea Backup.hxxp://www.geocaching.com/track/log.asp ... 8;ctl00_Co[...]
Line Found : user_pref("greasemonkey.scriptvals.hxxp://www.danvsdan.com/bryar.cgi/id_te ... p/Textarea Backup.hxxp://www.pc-help.cz/posting.php?mode= ... 35;message", "Nekaslem%20nato%20len%[...]
Line Found : user_pref("greasemonkey.scriptvals.hxxp://www.danvsdan.com/bryar.cgi/id_te ... p/Textarea Backup.hxxp://www.pc-help.cz/posting.php?mode= ... 99;message", "Ahoj,%0A%0AS%20po%C4%8[...]
Line Found : user_pref("greasemonkey.scriptvals.hxxp://www.danvsdan.com/bryar.cgi/id_te ... p/Textarea Backup.hxxp://www.pc-help.cz/posting.php?mode= ... 45;message", "%5Bb%5DMBAM:%5B/b%5D%0[...]
Line Found : user_pref("greasemonkey.scriptvals.hxxp://www.danvsdan.com/bryar.cgi/id_te ... p/Textarea Backup.hxxp://www.pc-help.cz/posting.php?mode= ... 27;message", "Je%C5%A1t%C4%9B%20to%2[...]
Line Found : user_pref("greasemonkey.scriptvals.hxxp://www.danvsdan.com/bryar.cgi/id_te ... p/Textarea Backup.hxxp://www.pc-help.cz/posting.php?mode= ... 70;message", "Ahoj,%0A%0APros%C3%ADm%20o%20pr[...]
Line Found : user_pref("greasemonkey.scriptvals.hxxp://www.danvsdan.com/bryar.cgi/id_te ... p/Textarea Backup.hxxp://www.pc-help.cz/posting.php?mode= ... d0b85&t=52[...]
Line Found : user_pref("greasemonkey.scriptvals.hxxp://www.danvsdan.com/bryar.cgi/id_te ... p/Textarea Backup.hxxp://www.pc-help.cz/viewtopic.php?f=4 ... 48;message", "hxxp://www.slunecnice.cz/sw/pro[...]
Line Found : user_pref("greasemonkey.scriptvals.hxxp://www.danvsdan.com/bryar.cgi/id_te ... p/Textarea Backup.hxxp://www.pc-help.cz/viewtopic.php?f=7 ... 34;message", "OTL%201.%C4%8D[...]

*************************

AdwCleaner[R0].txt - [26038 octets] - [15/01/2014 14:45:52]
AdwCleaner[R1].txt - [55729 octets] - [28/07/2014 16:40:04]
AdwCleaner[R2].txt - [12548 octets] - [25/08/2014 18:04:43]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [12609 octets] ##########

Re: Please check - system startup takes too long

Post by jaro3 » 26 Aug 2014 09:44

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator"),
click "Prohledat-Scan"; after the scan, click "Vymazat-Clean".

The program will perform the repair; after the automatic restart it will show a log (C:\AdwCleaner [S?].txt); paste its entire contents here.

Download Junkware Removal Tool by Thisisu

to your desktop.

Disable your antivirus program. Right-click JRT.exe and choose "Run as administrator". To continue, you will be prompted to press any key. Press one.
The program's scan will start. The scan may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) will appear, which is saved on the desktop.
Please copy its entire contents here.

Try MbAM in safe mode.

Have you checked the RAM and the disk?

Re: Please check - system startup takes too long

Post by mike007 » 26 Aug 2014 11:19

Below is the log from JRT.

I'll try Mbam in safe mode. I'll also try the cleaning in AdwCleaner in safe mode, because I left it working for about an hour and nothing happened. It probably froze...
I ran a disk check a few days ago. A RAM test, no.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by mike on Łt 26.08.2014 at 11:06:38,81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"



~~~ FireFox

Successfully deleted the following from C:\Users\mike\AppData\Roaming\mozilla\firefox\profiles\5o2t2qnv.mike007\prefs.js

user_pref("extensions.likethepage.addit.remoteInstallItems", "{ \"software\": {\"11\": {\"id\": \"11\",\"title\": \"KwiClick\",\"type\": \"XPI\",\"url\": \"hxxps://addons.mozi
user_pref("greasemonkey.scriptvals.hxxp://www.danvsdan.com/bryar.cgi/id_te ... p/Textarea Backup.hxxp://bastleni.eu/administrator/index. ... ntent&sect
user_pref("greasemonkey.scriptvals.hxxp://www.danvsdan.com/bryar.cgi/id_te ... p/Textarea Backup.hxxp://bastleni.eu/administrator/index. ... ntent&sect
user_pref("greasemonkey.scriptvals.hxxp://www.danvsdan.com/bryar.cgi/id_te ... p/Textarea Backup.hxxp://cs.wikibooks.org/w/index.php?tit ... _elektroni
user_pref("greasemonkey.scriptvals.hxxp://www.danvsdan.com/bryar.cgi/id_te ... p/Textarea Backup.hxxp://email.seznam.cz/newMessageScreen ... rId=draft&
user_pref("greasemonkey.scriptvals.hxxp://www.danvsdan.com/bryar.cgi/id_te ... p/Textarea Backup.hxxp://hijackthis.de/cz;logfile", "Logfile%20of%20Trend%20Micro%20
user_pref("greasemonkey.scriptvals.hxxp://www.danvsdan.com/bryar.cgi/id_te ... p/Textarea Backup.hxxp://www.pc-help.cz/posting.php?mode= ... 35;message"
user_pref("greasemonkey.scriptvals.hxxp://www.danvsdan.com/bryar.cgi/id_te ... p/Textarea Backup.hxxp://www.pc-help.cz/posting.php?mode= ... 99;message"
user_pref("greasemonkey.scriptvals.hxxp://www.danvsdan.com/bryar.cgi/id_te ... p/Textarea Backup.hxxp://www.pc-help.cz/posting.php?mode= ... 45;message"
user_pref("greasemonkey.scriptvals.hxxp://www.danvsdan.com/bryar.cgi/id_te ... p/Textarea Backup.hxxp://www.pc-help.cz/posting.php?mode= ... 70;message", "Ahoj,%
user_pref("greasemonkey.scriptvals.hxxp://www.danvsdan.com/bryar.cgi/id_te ... p/Textarea Backup.hxxp://www.pc-help.cz/posting.php?mode= ... 29;message"
user_pref("greasemonkey.scriptvals.hxxp://www.danvsdan.com/bryar.cgi/id_te ... p/Textarea Backup.hxxp://www.pc-help.cz/posting.php?mode= ... 204bed08d3
user_pref("greasemonkey.scriptvals.hxxp://www.danvsdan.com/bryar.cgi/id_te ... p/Textarea Backup.hxxp://www.pc-help.cz/viewtopic.php?f=7 ... 4#p436204;
user_pref("greasemonkey.scriptvals.hxxp://www.danvsdan.com/bryar.cgi/id_te ... p/Textarea Backup.hxxp://www.pc-help.cz/viewtopic.php?f=7 ... 4#p436334;
user_pref("greasemonkey.scriptvals.hxxp://www.danvsdan.com/bryar.cgi/id_te ... p/Textarea Backup.hxxps://ibs.internetbanka.cz/ibs31/Cont ... ssionid=00
user_pref("greasemonkey.scriptvals.hxxp://www.danvsdan.com/bryar.cgi/id_te ... p/Textarea Backup.hxxps://ibs.internetbanka.cz/ibs31/Cont ... ssionid=00
Emptied folder: C:\Users\mike\AppData\Roaming\mozilla\firefox\profiles\5o2t2qnv.mike007\minidumps [541 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Łt 26.08.2014 at 11:11:49,88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Please check - system startup takes too long

Post by mike007 » 26 Aug 2014 15:28

Below is the log from AdwCleaner, run in safe mode. I also tried Mbam in safe mode, but after three hours I gave up and killed it. The problem has not gone away so far; on the contrary, it has got worse. When the desktop starts, an error message pops up: "Windows Explorer has stopped working". After I choose the restart option, it takes another minute before things sort themselves out. When I have a moment, I will also try an sfc scan. Someone somewhere wrote that it helped.

# AdwCleaner v3.308 - Report created 26/08/2014 at 11:23:31
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : mike - MIKE-PC
# Running from : C:\Users\mike\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17054


-\\ Mozilla Firefox v31.0 (x86 cs)

[ File : C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\5o2t2qnv.mike007\prefs.js ]

Line Deleted : user_pref("extensions.DivXWebPlayer@divx.com.install-event-fired", true);
Line Deleted : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,ShortenURL%40loucypher:0.3.8,%7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.1.0,youtubemp3podcaster%40jeremy.d.gregorio.com:3.3.[...]
Line Deleted : user_pref("extensions.enabledItems", "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6,{0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5,cs@dictionaries.addons.mozilla.org:1.0.2,{D4DD63FA-01E4-46a7-B6B1-EDAB7D[...]
Line Deleted : user_pref("extensions.likethepage.addit.remoteInstallItems", "{ \"software\": {\"11\": {\"id\": \"11\",\"title\": \"KwiClick\",\"type\": \"XPI\",\"url\": \"hxxps://addons.mozilla.org/en-US/firefox/dow[...]
Line Deleted : user_pref("extensions.plugin2@gameplaylabs.com.fr", "1301330497");
Line Deleted : user_pref("extensions.plugin2@gameplaylabs.com.install-event-fired", true);
Line Deleted : user_pref("extensions.plugin2@gameplaylabs.com.ranonce", true);
Line Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_/", "1301330500");
Line Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_dealsplugin.com/", "1301330500");
Line Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_facebook.com", "1301330500");
Line Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_h", "1301330500");
Line Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_hxxp", "1301330500");
Line Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_iqquizgame.com/", "1301330500");
Line Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_play-ga.me/", "1301330500");
Line Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_revealmycrush.com/", "1301330500");
Line Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_unlock-this.com/browserplugin", "1301330500");
Line Deleted : user_pref("extensions.plugin2@gameplaylabs.com.rule_unlock-this.com/plugin", "1301330500");
Line Deleted : user_pref("greasemonkey.scriptvals.hxxp://www.danvsdan.com/bryar.cgi/id_te ... p/Textarea Backup.hxxp://www.geocaching.com/seek/log.aspx ... 1_uxLogInf[...]
Line Deleted : user_pref("greasemonkey.scriptvals.hxxp://www.danvsdan.com/bryar.cgi/id_te ... p/Textarea Backup.hxxp://www.geocaching.com/track/log.asp ... 8;ctl00_Co[...]
Line Deleted : user_pref("greasemonkey.scriptvals.hxxp://www.danvsdan.com/bryar.cgi/id_te ... p/Textarea Backup.hxxp://www.pc-help.cz/posting.php?mode= ... 27;message", "Je%C5%A1t%C4%9B%20to%2[...]
Line Deleted : user_pref("greasemonkey.scriptvals.hxxp://www.danvsdan.com/bryar.cgi/id_te ... p/Textarea Backup.hxxp://www.pc-help.cz/viewtopic.php?f=4 ... 48;message", "hxxp://www.slunecnice.cz/sw/pro[...]

*************************

AdwCleaner[R0].txt - [26038 octets] - [15/01/2014 14:45:52]
AdwCleaner[R1].txt - [55729 octets] - [28/07/2014 16:40:04]
AdwCleaner[R2].txt - [12798 octets] - [25/08/2014 18:04:43]
AdwCleaner[R3].txt - [12859 octets] - [26/08/2014 10:41:31]
AdwCleaner[R4].txt - [6378 octets] - [26/08/2014 11:03:03]
AdwCleaner[R5].txt - [4078 octets] - [26/08/2014 11:21:50]
AdwCleaner[S0].txt - [12098 octets] - [26/08/2014 10:51:29]
AdwCleaner[S1].txt - [2637 octets] - [26/08/2014 11:04:33]
AdwCleaner[S2].txt - [4041 octets] - [26/08/2014 11:23:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [4101 octets] ##########

Re: Please check - system startup takes too long

Post by jaro3 » 26 Aug 2014 15:31

Download RogueKiller by Adlice Software
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Windows 7, run RogueKiller.exe as administrator; on XP, double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Check that the following are ticked:
MBR scan (Kontrola MBR)
Check faked (Kontrola Faked)
Antirootkit

- Then click "Prohledat" (Scan).
- The program scans the PC's processes. After the scan, click "Zpráva" (Report) and copy the entire contents of the log here.
If the program is blocked, try running it several times. If it still will not start and work, rename it to winlogon.exe.

Re: Please check - system startup takes too long

Post by mike007 » 27 Aug 2014 06:39

Good morning Jaro, here is the log from RogueKiller:

RogueKiller V9.2.8.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : mike [Práva správce]
Mód : Kontrola -- Datum : 08/27/2014 06:36:07

¤¤¤ Škodlivé procesy: : 1 ¤¤¤
[Suspicious.Path] postak.exe -- C:\Users\mike\AppData\Local\Seznam.cz\bin\postak.exe[7] -> SMAZÁNO [TermProc]

¤¤¤ ¤¤¤ Záznamy Registrů: : 30 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2284525654-717343284-714989145-1001\Software\Microsoft\Windows\CurrentVersion\Run | Seznam Postak : "C:\Users\mike\AppData\Local\Seznam.cz\bin\postak.exe" -s -> NALEZENO
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2284525654-717343284-714989145-1001\Software\Microsoft\Windows\CurrentVersion\Run | Seznam Postak : "C:\Users\mike\AppData\Local\Seznam.cz\bin\postak.exe" -s -> NALEZENO
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gdrv -> NALEZENO
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gdrv -> NALEZENO
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gdrv -> NALEZENO
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\gdrv -> NALEZENO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 172.27.254.250 -> NALEZENO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EB2B0C48-DD1E-4333-9F5B-907592FDE960} | DhcpNameServer : 172.27.254.250 -> NALEZENO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4F6A308A-EDB2-4CED-B40A-D637ECC99187} | DhcpNameServer : 172.27.254.250 -> NALEZENO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{EB2B0C48-DD1E-4333-9F5B-907592FDE960} | DhcpNameServer : 172.27.254.250 -> NALEZENO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{EB2B0C48-DD1E-4333-9F5B-907592FDE960} | DhcpNameServer : 172.27.254.250 -> NALEZENO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{EB2B0C48-DD1E-4333-9F5B-907592FDE960} | DhcpNameServer : 172.27.254.250 -> NALEZENO
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-2284525654-717343284-714989145-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NALEZENO
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-2284525654-717343284-714989145-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NALEZENO
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-2284525654-717343284-714989145-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NALEZENO
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-2284525654-717343284-714989145-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NALEZENO
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> NALEZENO
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> NALEZENO
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> NALEZENO
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> NALEZENO
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2284525654-717343284-714989145-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 0 -> NALEZENO
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2284525654-717343284-714989145-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 0 -> NALEZENO
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2284525654-717343284-714989145-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 0 -> NALEZENO
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2284525654-717343284-714989145-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 0 -> NALEZENO
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NALEZENO
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NALEZENO
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NALEZENO
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NALEZENO
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2284525654-717343284-714989145-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://mail.foxconn.cz/owa -> NALEZENO
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2284525654-717343284-714989145-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://mail.foxconn.cz/owa -> NALEZENO

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: NAHRÁNO) ¤¤¤

¤¤¤ Webové prohlížeče : 2 ¤¤¤
[PUM.Proxy][FIREFX:Config] 5o2t2qnv.mike007 : user_pref("network.proxy.http", "128.59.20.227"); -> NALEZENO
[PUM.Proxy][FIREFX:Config] 5o2t2qnv.mike007 : user_pref("network.proxy.http_port", 3128); -> NALEZENO

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD502HJ SCSI Disk Device +++++
--- User ---
[MBR] 389e4ea15054822077df2d780efe15ce
[BSP] 42cb6d905daed73a354f6fd49ee715b1 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 476929 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Nesprávná funkce. )

Re: Please check - system startup takes too long

Post by jaro3 » 27 Aug 2014 10:03

Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB or external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click it and choose "Run as administrator"; on Windows XP, double-click it to run).
- Wait for the Prescan to finish...
- Then click "Prohledat" (Scan); once it has finished:

- On the tabs (Registry, Tasks, Web Browser, etc.), tick everything.

- Click "Smazat" (Delete)
- Wait until the status box shows "Mazání dokončeno" (Deletion finished)
- Click "Zpráva" (Report) and copy and paste the contents of that report here, please. The log can be found in RKreport [number]. txt on the desktop.
- Close RogueKiller

Download
Zoek.exe

and save it to your desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, 7 and 8, right-click it and choose "Run as administrator").
- Note: the program may take a while to start.

Paste the script below into the program window:

Code:

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;


Click Run Script.
The program performs a scan and a repair; both the scan and the repair can take several minutes, so wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.

After the restart, only a black desktop may be shown for some time; that is normal. Wait until the log is created. You can save it, for example, to your documents; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.

Download Memtest:

The field that says:
All unused RAM - leave it as it is.
- Click Start and let it run for at least 2 hours; if it still shows 0 errors after 2 hours, the memory is fine.


Also check the HDD for errors, and possibly try defragmenting it.


Download CrystalDiskInfo
Run the program and click Úpravy-Kopírovat (Edit > Copy). Then paste the contents of the log here with Ctrl+V.

Re: Please check - system startup takes too long

Post by mike007 » 27 Aug 2014 14:24

Roguekiller:

RogueKiller V9.2.8.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : mike [Práva správce]
Mód : Odebrat -- Datum : 08/27/2014 13:48:29

¤¤¤ Škodlivé procesy: : 1 ¤¤¤
[Suspicious.Path] postak.exe -- C:\Users\mike\AppData\Local\Seznam.cz\bin\postak.exe[7] -> SMAZÁNO [TermProc]

¤¤¤ ¤¤¤ Záznamy Registrů: : 30 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2284525654-717343284-714989145-1001\Software\Microsoft\Windows\CurrentVersion\Run | Seznam Postak : "C:\Users\mike\AppData\Local\Seznam.cz\bin\postak.exe" -s [x] -> VYMAZÁNO
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2284525654-717343284-714989145-1001\Software\Microsoft\Windows\CurrentVersion\Run | Seznam Postak : "C:\Users\mike\AppData\Local\Seznam.cz\bin\postak.exe" -s -> ERROR [2]
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gdrv -> VYMAZÁNO
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gdrv -> VYMAZÁNO
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gdrv -> VYMAZÁNO
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\gdrv -> VYMAZÁNO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 172.27.254.250 -> NAHRAZENO ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EB2B0C48-DD1E-4333-9F5B-907592FDE960} | DhcpNameServer : 172.27.254.250 -> NAHRAZENO ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4F6A308A-EDB2-4CED-B40A-D637ECC99187} | DhcpNameServer : 172.27.254.250 -> NAHRAZENO ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{EB2B0C48-DD1E-4333-9F5B-907592FDE960} | DhcpNameServer : 172.27.254.250 -> NAHRAZENO ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{EB2B0C48-DD1E-4333-9F5B-907592FDE960} | DhcpNameServer : 172.27.254.250 -> NAHRAZENO ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{EB2B0C48-DD1E-4333-9F5B-907592FDE960} | DhcpNameServer : 172.27.254.250 -> NAHRAZENO ()
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-2284525654-717343284-714989145-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> VYMAZÁNO
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-2284525654-717343284-714989145-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> VYMAZÁNO
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-2284525654-717343284-714989145-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> ERROR [2]
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-2284525654-717343284-714989145-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> ERROR [2]
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> NAHRAZENO (1)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> NAHRAZENO (1)
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> NAHRAZENO (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> NAHRAZENO (2)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2284525654-717343284-714989145-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 0 -> NAHRAZENO (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2284525654-717343284-714989145-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 0 -> NAHRAZENO (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2284525654-717343284-714989145-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 0 -> NAHRAZENO (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2284525654-717343284-714989145-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 0 -> NAHRAZENO (1)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NAHRAZENO (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NAHRAZENO (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NAHRAZENO (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NAHRAZENO (0)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2284525654-717343284-714989145-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://mail.foxconn.cz/owa -> NAHRAZENO (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2284525654-717343284-714989145-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://mail.foxconn.cz/owa -> NAHRAZENO (http://go.microsoft.com/fwlink/p/?LinkId=255141)

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: NAHRÁNO) ¤¤¤

¤¤¤ Webové prohlížeče : 11 ¤¤¤
[IE:Addon] System : avast! WebRep [{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}] -> VYMAZÁNO
[FIREFX:Addon] 5o2t2qnv.mike007 : Adblock Plus [{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}] -> VYMAZÁNO
[FIREFX:Addon] 5o2t2qnv.mike007 : Garmin Communicator [{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}] -> VYMAZÁNO
[FIREFX:Addon] 5o2t2qnv.mike007 : avast! Online Security [wrc@avast.com] -> VYMAZÁNO
[FIREFX:Addon] 5o2t2qnv.mike007 : ColorfulTabs [{0545b830-f0aa-4d7e-8820-50a4629a56fe}] -> VYMAZÁNO
[FIREFX:Addon] 5o2t2qnv.mike007 : Youtube MP3 Podcaster [youtubemp3podcaster@jeremy.d.gregorio.com] -> VYMAZÁNO
[FIREFX:Addon] 5o2t2qnv.mike007 : Video DownloadHelper [{b9db16a4-6edc-47ec-a1f4-b86292ed211d}] -> VYMAZÁNO
[FIREFX:Addon] 5o2t2qnv.mike007 : DivX Web Player [DivXWebPlayer@divx.com] -> VYMAZÁNO
[FIREFX:Addon] 5o2t2qnv.mike007 : Shorten URL [ShortenURL@loucypher] -> VYMAZÁNO
[PUM.Proxy][FIREFX:Config] 5o2t2qnv.mike007 : user_pref("network.proxy.http", "128.59.20.227"); -> VYMAZÁNO
[PUM.Proxy][FIREFX:Config] 5o2t2qnv.mike007 : user_pref("network.proxy.http_port", 3128); -> VYMAZÁNO

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD502HJ SCSI Disk Device +++++
--- User ---
[MBR] 389e4ea15054822077df2d780efe15ce
[BSP] 42cb6d905daed73a354f6fd49ee715b1 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 476929 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Nesprávná funkce. )


============================================
RKreport_SCN_08272014_063607.log - RKreport_SCN_08272014_134607.log




Zoek:


Zoek.exe v5.0.0.0 Updated 27-08-2014
Tool run by mike on st 27.08.2014 at 13:56:43,49.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\mike\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

27.8.2014 13:58:51 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2284525654-717343284-714989145-1001\Software\Microsoft\Internet Explorer\Explorer Bars\{EA837F48-5AD1-443E-AE34-FFE03CBF3099} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\5o2t2qnv.mike007\prefs.js:
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\5o2t2qnv.mike007\prefs.js:

Deleted from C:\Users\mike\AppData\Roaming\Nvu\Profiles\1mk0zvd4.default\prefs.js:

Added to C:\Users\mike\AppData\Roaming\Nvu\Profiles\1mk0zvd4.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\mike\AppData\Roaming\Thunderbird\Profiles\0d00txdx.default\prefs.js:

Added to C:\Users\mike\AppData\Roaming\Thunderbird\Profiles\0d00txdx.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\5o2t2qnv.mike007

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_27.08.2014_1407_.backup

ProfilePath: C:\Users\mike\AppData\Roaming\Nvu\Profiles\1mk0zvd4.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_27.08.2014_1407_.backup

ProfilePath: C:\Users\mike\AppData\Roaming\Thunderbird\Profiles\0d00txdx.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_27.08.2014_1407_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~3\__wdump.txt deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec deleted
C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\5o2t2qnv.mike007\jetpack deleted
"C:\Windows\Installer\5f1030.msi" deleted
"C:\Users\mike\AppData\Local\{00B4850D-D11D-46C4-90B4-60F85AB2902C}" deleted
"C:\Users\mike\AppData\Local\{023FAFDF-F32A-42E8-A016-F33E3550DBB0}" deleted
"C:\Users\mike\AppData\Local\{0739DB9C-9780-4E40-840C-A8526EF96CDF}" deleted
"C:\Users\mike\AppData\Local\{092A0AC8-BD26-4317-B49F-2AD2A90E8FFA}" deleted
"C:\Users\mike\AppData\Local\{0BF8C5B0-4A6F-420C-8E51-889AC6165774}" deleted
"C:\Users\mike\AppData\Local\{0EE7C274-384E-4519-B551-914C7051E2B3}" deleted
"C:\Users\mike\AppData\Local\{134CAE6A-53D0-4A59-80D5-3B38F3DB26E6}" deleted
"C:\Users\mike\AppData\Local\{14C26332-A7F8-4EF5-B33B-67A33F2DAD10}" deleted
"C:\Users\mike\AppData\Local\{1CD72ADF-8375-4D7E-9D1A-4EBCAB44AFFE}" deleted
"C:\Users\mike\AppData\Local\{1CD8DC97-25C5-4E69-9231-E312105BE379}" deleted
"C:\Users\mike\AppData\Local\{27B7718A-B17A-416A-98B5-E39AD6AEADE4}" deleted
"C:\Users\mike\AppData\Local\{28D70480-1CCB-4817-BAE3-6C13EF507FC9}" deleted
"C:\Users\mike\AppData\Local\{34D2BE51-676F-4D1F-A8E5-CD7C299A26ED}" deleted
"C:\Users\mike\AppData\Local\{37EAFFA4-99C4-4342-8E45-20D0653A2EFD}" deleted
"C:\Users\mike\AppData\Local\{40CF1DA4-9ACA-4653-AFBA-DEF4F98091AD}" deleted
"C:\Users\mike\AppData\Local\{40F25647-D911-428B-A910-613ADD454753}" deleted
"C:\Users\mike\AppData\Local\{441CE34E-0AAF-41E9-9882-4FBA8C843F9E}" deleted
"C:\Users\mike\AppData\Local\{46867527-38AC-4EC9-A41A-70EAA54C17E2}" deleted
"C:\Users\mike\AppData\Local\{4690864B-7FB5-4A69-9293-D4BCB5635C9F}" deleted
"C:\Users\mike\AppData\Local\{5E5CC505-3EA7-47DE-8406-FCCE8C83AF1C}" deleted
"C:\Users\mike\AppData\Local\{639C4162-8A49-4136-9563-E431F9E2CAFC}" deleted
"C:\Users\mike\AppData\Local\{65A9310F-70D9-4808-9664-8E832BABB724}" deleted
"C:\Users\mike\AppData\Local\{6EDEB334-CCB6-4447-B8E4-C58B4B977D22}" deleted
"C:\Users\mike\AppData\Local\{7F64A0C2-6FF0-4BCD-A1A2-E38B68987630}" deleted
"C:\Users\mike\AppData\Local\{89C33DD3-F8B0-412B-93C3-87F685F81BD7}" deleted
"C:\Users\mike\AppData\Local\{8A438E6E-F721-4C54-BA7F-3AD13A1A811C}" deleted
"C:\Users\mike\AppData\Local\{9EB21CAA-778D-4D68-9008-D42B09CAC6DC}" deleted
"C:\Users\mike\AppData\Local\{AA418FE3-AB5A-4DBF-89F8-B1A122A21D2A}" deleted
"C:\Users\mike\AppData\Local\{ADB5DE97-D7F0-4447-AD7A-0E2A24E9483D}" deleted
"C:\Users\mike\AppData\Local\{B4DEA37C-C934-423E-B1D7-6EE19250E18C}" deleted
"C:\Users\mike\AppData\Local\{BAC33A3B-B963-4927-A16D-3997A116F204}" deleted
"C:\Users\mike\AppData\Local\{C128286F-5BC1-44CD-A6B3-22279973B90B}" deleted
"C:\Users\mike\AppData\Local\{C4F2508C-9898-459F-9D85-3AB60F1F2D56}" deleted
"C:\Users\mike\AppData\Local\{C5622D65-513B-4F4B-BEF4-B2805EE0C0B7}" deleted
"C:\Users\mike\AppData\Local\{C5C0D3D3-6905-422C-8C3A-3063D6C7DD73}" deleted
"C:\Users\mike\AppData\Local\{C6F8ACF1-0C93-4A39-9B11-FFC0FB4CC149}" deleted
"C:\Users\mike\AppData\Local\{C9A50B71-0743-491E-9AFD-E3638AFC94C2}" deleted
"C:\Users\mike\AppData\Local\{CB3ED7AA-80DD-4EE4-AF90-86666C665831}" deleted
"C:\Users\mike\AppData\Local\{D08B91A6-820B-4409-99BB-27B2DF9644D1}" deleted
"C:\Users\mike\AppData\Local\{D132191C-B0D2-4341-BF10-752A4EB14BAA}" deleted
"C:\Users\mike\AppData\Local\{D615E2FA-63B8-4BFB-90FF-A876616EA71C}" deleted
"C:\Users\mike\AppData\Local\{DA568D3F-8389-493E-A929-C201D9CB1F2E}" deleted
"C:\Users\mike\AppData\Local\{DF95C72F-3D8A-483E-A86C-19495BEAFEC1}" deleted
"C:\Users\mike\AppData\Local\{FED94951-7F7A-400E-8279-B2B64C55C093}" deleted
"C:\Users\mike\AppData\Roaming\Digital Mono" deleted
"C:\Users\mike\AppData\Roaming\Distortion" deleted
"C:\Users\mike\AppData\Roaming\Documents" deleted
"C:\Users\mike\AppData\Roaming\Vso" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [22.03.2013 21:30]

==== Firefox Extensions ======================

ProfilePath: C:\Users\mike\AppData\Roaming\Nvu\Profiles\1mk0zvd4.default
- Undetermined - %ProfilePath%\extensions\installed-extensions.txt
- Nvu default - %ProfilePath%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\5o2t2qnv.mike007
9EE20E6E2E3F94714D44F739B9A228F4 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll - Shockwave Flash
DCB0BCEF594E2C410793C4A823C318F3 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll - Shockwave for Director / Shockwave for Director
C195AC4544729A69CFF30BB62F473054 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll - Shockwave for Director / Shockwave for Director
290A0130C74ADCD4546BC6900D1665D9 - C:\Windows\SysWOW64\npdeployJava1.dll - Java Deployment Toolkit 7.0.550.14
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9E029654612C58E4D87D8CF70F46055F deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{456920E9-C216-4E85-8DD7-C87FF06450F5} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\9E029654612C58E4D87D8CF70F46055F deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=69 folders=22 57063371 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\mike\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\mike\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on st 27.08.2014 at 14:14:11,59 ======================




CrystaldiskInfo:

----------------------------------------------------------------------------
CrystalDiskInfo 6.1.13 (C) 2008-2014 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 7 Home Premium SP1 [6.1 Build 7601] (x64)
Date : 2014/08/27 14:22:45

-- Controller Map ----------------------------------------------------------
- ATA Channel 1 (1) [ATA]
+ PCI Standardní dvoukanálový řadič IDE [ATA]
- ATA Channel 0 (0)
- ATA Channel 1 (1)
+ PCI Standardní dvoukanálový řadič IDE [ATA]
- ATA Channel 0 (0)
- ATA Channel 1 (1)
+ GIGABYTE GBB36X Controller [SCSI]
- SAMSUNG HD502HJ SCSI Disk Device
- HL-DT-ST DVD-RAM GH22LP20 SCSI CdRom Device

-- Disk List ---------------------------------------------------------------
(1) SAMSUNG HD502HJ : 500,1 GB [0/4/0, pd1]

----------------------------------------------------------------------------
(1) SAMSUNG HD502HJ
----------------------------------------------------------------------------
Model : SAMSUNG HD502HJ
Firmware : 1AJ100E4
Serial Number : S20BJ1LSB02607
Disk Size : 500,1 GB (8,4/137,4/500,1/500,1)
Buffer Size : 16384 KB
Queue Depth : 32
# of Sectors : 976773168
Rotation Rate : 7200 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 6
Transfer Mode : ---- | SATA/300
Power On Hours : 12866 hod.
Power On Count : 4313 krát
Temperature : 29 C (84 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
APM Level : 0000h [OFF]
AAM Level : FE00h [OFF]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _51 000000000000 Počet chyb čtení
02 252 252 __0 000000000000 Průchodnost disku
03 _83 _81 _25 000000001458 Čas na roztočení ploten
04 _96 _96 __0 0000000010D1 Počet spuštění/zastavení
05 252 252 _10 000000000000 Počet přemapovaných sektorů
07 252 252 _51 000000000000 Počet chybných hledání
08 252 252 _15 000000000000 Čas potřebný na vyhledání
09 100 100 __0 000000003242 Hodin v činnosti
0A 252 252 _51 000000000000 Počet opakovaných pokusů o roztočení ploten
0B 252 252 __0 000000000000 Počet pokusů o překalibrování
0C _96 _96 __0 0000000010D9 Počet cyklů zapnutí zařízení
BF 100 100 __0 000000000002 Počet udalostí zaznamenaných otřesovým senzorem
C0 252 252 __0 000000000000 Počet vypnutí disku
C2 _64 _60 __0 0028000C001D Teplota
C3 100 100 __0 000000000000 Počet oprav chybného čtení
C4 252 252 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 252 252 __0 000000000000 Počet podezřelých sektorů
C6 252 252 __0 000000000000 Počet neopravitelných sektorů
C7 100 100 __0 000000000001 Počet chyb v kontrolním součtu UltraDMA
C8 100 100 __0 000000000005 Počet chyb při zápisu sektorů
DF 252 252 __0 000000000000 Zatížení budiče magnetických hlav způsobené opakovanými úkony
E1 100 100 __0 0000000010F6 Počet cyklů načítání/vymazání

I'll run Memtest later, when I find a moment for it. Then I'll let you know. The disk check has finished, and so has the defragmentation (which also runs every Sunday at 12:00).
The best game is Excel!
»»»»»»»»»»»»»»»»»»»»»»»
NOTICE - my Skype, private messages and email do not serve as tech support.
Post your questions in the forum. That's what it's for.

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check - system startup takes too long

Post by jaro3 » 27 Aug 2014 18:53

Memtest?

Post a new HJT log + info about the problems.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum

mike007
Master Level 7.5
Posts: 5860
Registered: August 07
Location: Pardubice
Gender: Male
Status: Offline

Re: Please check - system startup takes too long

Post by mike007 » 28 Aug 2014 06:35

The problem has gotten worse. After logging in there is a black screen for about 20 seconds, much like after the Zoek scan. Then the desktop appears, and after about a minute or two the icons. I haven't gotten to the memtest yet. I'll try it this afternoon... then I'll write.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:31:26, on 28.8.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.17054)

FIREFOX: 31.0 (x86 cs)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Users\mike\AppData\Local\Seznam.cz\bin\postak.exe
C:\Program Files (x86)\Razer\razerhid.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Razer\razerofa.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
C:\Users\mike\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Diamondback] C:\Program Files (x86)\Razer\Diamondback\Razer\Diamondback\razerhid.exe
O4 - HKLM\..\Run: [razer] C:\Program Files (x86)\Razer\razerhid.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAE.EXE /FU "C:\Users\mike\AppData\Local\Temp\E_SDC5B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
O4 - HKCU\..\Run: [Zoner Photo Studio Service 16] "C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXEC:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe"
O4 - HKCU\..\Run: [Seznam Postak] "C:\Users\mike\AppData\Local\Seznam.cz\bin\postak.exe" -s
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')
O8 - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: Nová poznámka - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\nlssrv32.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10470 bytes

